Best way to surf protected in Mac

[macbookfan]

it's interesting how these old threads still pop up (original post date was 2010). Anyways here are a few things to do.

1. Set your DNS at the router level to Open Dns. They have great malware filtering, and warn you if you are about to navigate to a potentially bad site that is in there database.

2. Never EVER use public wifi to check a bank website. It's very easy to get man in the middle attacked.

3. Don't go to shady websites in the first place, NO MORE PRON FOR YOU BUDDY!

4. If you are googling for something check the website address in the address bar, I have see so manny clients get hacked this way, they search for yahoo tech support and end up getting hacked from china or inda. Just because a website looks like yahoo.com or any other site does not mean it's actually that site.

5. Never put your admin password into the machine while on a website you don't know. The mac prevents users by default from installing software without this password.

6. Use strong passwords I use 1password for this.

Thats my top 6 That i run into I've worked in Tech Support for over 15 years.

 

[2012Tony2012]

it's interesting how these old threads still pop up (original post date was 2010). Anyways here are a few things to do.

1. Set your DNS at the router level to Open Dns. They have great malware filtering, and warn you if you are about to navigate to a potentially bad site that is in there database.

2. Never EVER use public wifi to check a bank website. It's very easy to get man in the middle attacked.

3. Don't go to shady websites in the first place, NO MORE PRON FOR YOU BUDDY!

4. If you are googling for something check the website address in the address bar, I have see so manny clients get hacked this way, they search for yahoo tech support and end up getting hacked from china or inda. Just because a website looks like yahoo.com or any other site does not mean it's actually that site.

5. Never put your admin password into the machine while on a website you don't know. The mac prevents users by default from installing software without this password.

6. Use strong passwords I use 1password for this.

Thats my top 6 That i run into I've worked in Tech Support for over 15 years.

So you are claiming and saying that some pron websites can infect a Mac user with malware, even if the Mac user does NOT enter password and does NOT knowingly install anything?

 

[flynz4]

it's interesting how these old threads still pop up (original post date was 2010). Anyways here are a few things to do.

1. Set your DNS at the router level to Open Dns. They have great malware filtering, and warn you if you are about to navigate to a potentially bad site that is in there database.

2. Never EVER use public wifi to check a bank website. It's very easy to get man in the middle attacked.

3. Don't go to shady websites in the first place, NO MORE PRON FOR YOU BUDDY!

4. If you are googling for something check the website address in the address bar, I have see so manny clients get hacked this way, they search for yahoo tech support and end up getting hacked from china or inda. Just because a website looks like yahoo.com or any other site does not mean it's actually that site.

5. Never put your admin password into the machine while on a website you don't know. The mac prevents users by default from installing software without this password.

6. Use strong passwords I use 1password for this.

Thats my top 6 That i run into I've worked in Tech Support for over 15 years.

7. Always use a VPN when connected to any network that is not secured by yourself personally. If desired, even use a VPN when surfing from your own network.

 

[macbookfan]

So you are claiming and saying that some pron websites can infect a Mac user with malware, even if the Mac user does NOT enter password and does NOT knowingly install anything?

Yes the user space can be infected while this is not as bad as a system level problem it can happen.

A great example is safari plugins. You don't need a admin password to install into the user space.

7. Always use a VPN when connected to any network that is not secured by yourself personally. If desired, even use a VPN when surfing from your own network.

Yes very true, however most home users don't have a VPN or even know what one is. This is my recommendations for home users.

 

[flynz4]

I use a personal VPN. They are plentiful and inexpensive. Strongly recommended.

I was previously using Witopia... but recently switched to cloak (getcloak.com). I would never connect to a hotel or coffeeshop/restaurant without using a VPN.

/Jim

 

[macbookfan]

I use a personal VPN. They are plentiful and inexpensive. Strongly recommended.

I was previously using Witopia... but recently switched to cloak (getcloak.com). I would never connect to a hotel or coffeeshop/restaurant without using a VPN.

/Jim

Great Idea, and I'm glad you are. Unfortunately most of my clients can't tell email from Skype. So thats out for most of them.

 

[Fishrrman]

A good tool might be the Epic Privacy Browser, which is actually a re-do of Chrome.

The developers have stripped out ALL of the google-related stuff, and have added features that block trackers, give you a privacy-based search tool, and even the ability to hide your IP address.

Free to download and free to use.

 

[Cubytus]

A good tool might be the Epic Privacy Browser, which is actually a re-do of Chrome.

The developers have stripped out ALL of the google-related stuff, and have added features that block trackers, give you a privacy-based search tool, and even the ability to hide your IP address.

Free to download and free to use.

Care to share the legitimate link? For some reason I feel such highly desired features would make it an ideal target for would-be scammers trying to rip off people, or installing spyware in it.

Besides, how it is any different from Firefox's and Safari private browsing mode?

 

[2984839]

Care to share the legitimate link? For some reason I feel such highly desired features would make it an ideal target for would-be scammers trying to rip off people, or installing spyware in it.

Besides, how it is any different from Firefox's and Safari private browsing mode?

I have never heard of the browser in question, but running Firefox, Chrome, or Safari in privacy mode just prevents local storage of history, cookies, etc., on you computer. It doesn't prevent the browser from sending info to the sites you visit or to other sites you're not visiting. Chrome has some concerning features that send information to Google regarding your browsing. Private browsing mode does nothing to prevent this.

 

[2012Tony2012]

Yes the user space can be infected while this is not as bad as a system level problem it can happen.

A great example is safari plugins. You don't need a admin password to install into the user space.




Yes very true, however most home users don't have a VPN or even know what one is. This is my recommendations for home users.

What does "user space" mean?

And can you give me a reliable source which shows something can actually be installed through Safari through a website, WITHOUT USER INTERVENTION? Thanks.

 

[Fishrrman]

https://www.epicbrowser.com

 

[Oldmanmac]

Question:

If you haven't set up a 'Guest' account, when you do, is it possible to copy/transfer your not-so-important passwords to the guest account?

 

[Ddyracer]

Hola for chrome. Vpn. Get it. Done.

 

[2012Tony2012]

macbookfan? I am waiting please.

 

[2984839]

What does "user space" mean?

And can you give me a reliable source which shows something can actually be installed through Safari through a website, WITHOUT USER INTERVENTION? Thanks.

Operating systems divide memory into "user space" and "kernel space". This is done for security and stability reasons. The kernel, kernel extensions, and drivers are highly privileged software. They can access raw hardware, make all kinds of system changes, etc. Obviously, we don't want the regular user to have this kind of ability because he may either misuse it and damage the system, or a malicious application could do so intentionally.

Therefore, the user is given "user space". User space is not as privileged as the kernel space. Most programs that users can execute will run in user space. Many exploits take over a program and inherit the same permissions as the user who started it. For example, pretend Firefox was exploited. If you started the Firefox process as root, the attacker would have root privileges. If you started it as a regular user, the attacker would have regular user privileges.

Obviously, if the process that gets exploited was running in kernel space, it's a big deal, because the kernel can do just about anything. That's why memory is divided in this way; we don't want all the software on the machine to have the same privileges.

 

[Cubytus]

I have never heard of the browser in question, but running Firefox, Chrome, or Safari in privacy mode just prevents local storage of history, cookies, etc., on you computer. It doesn't prevent the browser from sending info to the sites you visit or to other sites you're not visiting. Chrome has some concerning features that send information to Google regarding your browsing. Private browsing mode does nothing to prevent this.

Yet another reason NOT to use Chrome.

https://www.epicbrowser.com

Thanks.

 

[2012Tony2012]

Yet another reason NOT to use Chrome.


Thanks.

Any evidence or proof that someones browsing is sent to google when using Chrome?

How do you know that they aren't sending back browsing history to the Epic developers?

And Epic is based on chromium, which in turn is based on Chrome!

Here is a review about Epic: "I spent five days testing this and I am done forever. From taking over default web calls (without my permission) to that nonsense about seeing how other browsers in your system are betraying you (which is accomplished by Epic doing its own snooping)... This browser has blown its reputation from the start in its own YDNTK nonsense and panic mongering. At best, it might serve those who do not want to or know how to control their own privacy, but even it that there are better, more sensible, more flexible alternatives for the savvy. "

 

[Cubytus]

Here you go.
http://lifehacker.com/5763452/what-data-does-chrome-send-to-google-about-me
Among sensitive data:

• Bookmarks and other sync data. This is personal.
• Searches, or partial searches, for auto-complete suggestions. This is personal, but what about adding some skewness to search results?
• Searches or URL loads. None of your business!
• RLZ identifier. Usage unknown. Why would G want to identify my Chrome installation? Isn't the user agent / OS pair enough?

 

[powers74]

It's only been this year that I changed my primary user account from Admin to Standard.

I've been wondering about this for a while. When I set my new Mac up several years ago I wasn't quite as "tec-savvy" as I am now. Is this a fairly smooth transition?

 

[snberk103]

I've been wondering about this for a while. When I set my new Mac up several years ago I wasn't quite as "tec-savvy" as I am now. Is this a fairly smooth transition?

Very. Set up the second account, and make it an Admin Account. I call my 'Trouble' because the only time I really need it is when I have Trouble… Then take your primary account and turn off the Admin privileges. Reboot… and you're done. Keep using your primary account now.

This is no guarantee that things will be 'safer' for the system. However, if something pops up asking for authentication - changes to the system, installing new software, etc - you have a chance to pause and think about it. That's all it does.. it makes you pause for a second. Instead of reflexing clicking OK to a dialogue you need to enter the user name and the password. So.. it makes you think for a couple of seconds. For 99% of what you do there is no change, so it's a very small price to pay for a bit more security.

 

[GGJstudios]

Very. Set up the second account, and make it an Admin Account. I call my 'Trouble' because the only time I really need it is when I have Trouble… Then take your primary account and turn off the Admin privileges. Reboot… and you're done. Keep using your primary account now.

This is no guarantee that things will be 'safer' for the system. However, if something pops up asking for authentication - changes to the system, installing new software, etc - you have a chance to pause and think about it. That's all it does.. it makes you pause for a second. Instead of reflexing clicking OK to a dialogue you need to enter the user name and the password. So.. it makes you think for a couple of seconds. For 99% of what you do there is no change, so it's a very small price to pay for a bit more security.

If a software install or other system change requires the admin password, it would ask for the password even if you're logged in as an administrator. There is no real-world disadvantage in using an admin account as your regular account.

 

[powers74]

If a software install or other system change requires the admin password, it would ask for the password even if you're logged in as an administrator. There is no real-world disadvantage in using an admin account as your regular account.

That is part of what I was wondering, I have to enter my Admin password to make system changes already. But if you are using an admin account, aren't there supposedly things that make it easier for a hacker to do once they're in... or something... I have no idea what I'm talking about...

 

[2984839]

That is part of what I was wondering, I have to enter my Admin password to make system changes already. But if you are using an admin account, aren't there supposedly things that make it easier for a hacker to do once they're in... or something... I have no idea what I'm talking about...

An exploited process started by an administrator (NOT root) will need access to the password before making any system wide changes, including installing stuff. However, they will have access to the files that that user has access to.

Say Firefox was started by user "556fmjoe". If someone was able to exploit a Flash bug in Firefox and get a remote shell on my machine (by tricking me into visiting a site that runs the exploit, for example), he could poke around my home folder, use scp to transfer files he finds to his own server, create/delete files, etc as the user "556fmjoe". Anything my user can do without a password, he can do without a password.

If he wanted to install software, make firewall changes, read the /etc/shadow file, he would need my user password just like I would, since "556fmjoe" is the administrator account and has sudo privileges. If this is a weak password, he might be able to guess it. If not, he's pretty much stuck.

If I was logged in as root and started the now exploited Firefox process as root, it would be devastating, since he would now have a root shell and could do all of these changes without needing a password.

On most Unix systems, creating a separate user account, not just removing admin privileges from your current one, is beneficial for preventing the exploited process from seeing your normal user's home directory's files. It also prevents the possibility of guessing a weak password and getting sudo privileges.

I don't know how OS X handles user accounts, but the above is generally true for standard Unix systems.

 

[powers74]

...
On most Unix systems, creating a separate user account, not just removing admin privileges from your current one, is beneficial for preventing the exploited process from seeing your normal user's home directory's files. It also prevents the possibility of guessing a weak password and getting sudo privileges.
...

Cool, thanks, pretty sure I understand some of it!

 

[2012Tony2012]

Here you go.
http://lifehacker.com/5763452/what-data-does-chrome-send-to-google-about-me
Among sensitive data:

• Bookmarks and other sync data. This is personal.
• Searches, or partial searches, for auto-complete suggestions. This is personal, but what about adding some skewness to search results?
• Searches or URL loads. None of your business!
• RLZ identifier. Usage unknown. Why would G want to identify my Chrome installation? Isn't the user agent / OS pair enough?

That was years and years ago! Do you have a CURRENT source?